package com.vpen.iot.controller;

import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.io.pem.PemObject;

import java.io.FileReader;
import java.security.KeyFactory;
import java.security.Security;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class LG {

    public static void main(String[] args) {
        try {
            // 添加 BouncyCastle 提供者
            Security.addProvider(new BouncyCastleProvider());

            // 读取私钥文件路径
            String privateKeyPath = "path_to_your_private_key.pem";  // 替换为您的私钥文件路径
            RSAPrivateKey privateKey = loadPrivateKey(privateKeyPath);

            // 模拟要签名的内容
            String licensePart = "license part example";  // 替换为实际的license部分
            byte[] licensePartBytes = licensePart.getBytes("UTF-8");

            // 使用 SHA-1 摘要算法对 licensePart 进行哈希
            byte[] digest = java.security.MessageDigest.getInstance("SHA-1").digest(licensePartBytes);

            // 使用私钥对数据进行签名
            byte[] signature = signWithPrivateKey(privateKey, digest);

            // 将签名结果和licensePart编码为Base64
            String sigResultsBase64 = Base64.getEncoder().encodeToString(signature);
            String licensePartBase64 = Base64.getEncoder().encodeToString(licensePartBytes);

            // 构建最终的 license 信息
            String licenseId = "yourLicenseId";  // 替换为实际的licenseId
            String certBase64 = "yourCertBase64"; // 替换为实际的证书Base64编码
            String result = licenseId + "-" + licensePartBase64 + "-" + sigResultsBase64 + "-" + certBase64;

            // 打印结果
            System.out.println(result);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // 加载 PKCS#1 格式的私钥
    private static RSAPrivateKey loadPrivateKey(String privateKeyPath) throws Exception {
        try (PEMParser pemParser = new PEMParser(new FileReader(privateKeyPath))) {
            PemObject pemObject = pemParser.readPemObject();

            // 读取 PEM 数据并确保是 RSA 私钥结构
            if (pemObject != null && pemObject.getType().equals("RSA PRIVATE KEY")) {
                // 直接获取原始字节数据
                byte[] privateKeyBytes = pemObject.getContent();

                // 解析 PKCS#1 格式的私钥
                RSAPrivateKeyStructure privateKeyStructure = RSAPrivateKeyStructure.getInstance(privateKeyBytes);

                // 转换为 PKCS#8 格式的私钥字节数组
                byte[] pkcs8Bytes = privateKeyStructure.getEncoded();
                PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8Bytes);
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                return (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
            } else {
                throw new IllegalArgumentException("The PEM file does not contain an RSA private key.");
            }
        }
    }

    // 使用私钥进行签名
    private static byte[] signWithPrivateKey(RSAPrivateKey privateKey, byte[] data) throws Exception {
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(privateKey);
        signature.update(data);
        return signature.sign();
    }
}
